CVE-2025-34179
📋 TL;DR
CVE-2025-34179 is an unauthenticated SQL injection vulnerability in NetSupport Manager's Connectivity Server/Gateway that allows remote attackers to read arbitrary files from the server's filesystem. The vulnerability affects NetSupport Manager versions before 14.12.0001 and can be exploited without authentication by sending specially crafted HTTPS requests.
💻 Affected Systems
- NetSupport Manager
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of sensitive files including configuration files, credentials, and system files, potentially leading to full system takeover.
Likely Case
Disclosure of sensitive configuration files, user data, and potentially credentials stored on the server.
If Mitigated
Limited file access restricted by SQLite query constraints and file system permissions.
🎯 Exploit Status
Public exploit details and proof-of-concept are available. The vulnerability requires sending crafted HTTPS requests to the Connectivity Server/Gateway endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 14.12.0001
Vendor Advisory: https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/
Restart Required: Yes
Instructions:
1. Download NetSupport Manager version 14.12.0001 or later from the official vendor website. 2. Run the installer and follow the upgrade process. 3. Restart the NetSupport Manager service or reboot the system.
🔧 Temporary Workarounds
Network Access Control
allRestrict network access to the NetSupport Manager Connectivity Server/Gateway to only trusted IP addresses.
HTTPS Termination
allPlace a reverse proxy or WAF in front of the Connectivity Server that can filter malicious SQL injection patterns.
🧯 If You Can't Patch
- Isolate the NetSupport Manager server in a separate network segment with strict access controls.
- Implement application-level firewalls or WAF rules to block SQL injection patterns in URI requests.
🔍 How to Verify
Check if Vulnerable:
Check the NetSupport Manager version in the application interface or configuration files. Versions below 14.12.0001 are vulnerable.Check Version:
On Windows: Check Help > About in NetSupport Manager GUI. On Linux: Check installation directory or service configuration files.Verify Fix Applied:
Verify the installed version is 14.12.0001 or higher and test that SQL injection attempts no longer return file contents.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in NetSupport Manager logs
- Multiple failed file access attempts via gateway.db queries
Network Indicators:
- HTTPS requests to Connectivity Server with SQL injection patterns in URI parameters
- Unusual file retrieval patterns from the server
SIEM Query:
source="netsupport*" AND (uri="*SELECT*" OR uri="*UNION*" OR uri="*sqlite*" OR error="*SQL*" OR error="*syntax*")